Hello Fraud Fighters!

Welcome to the inaugural edition of This Week in Fraud, a newsletter focused on fraud, fintech, and financial crime for industry professionals. 

I’m Nick Holland — I’ve been an industry analyst and journalist for over 20 years and have always been fascinated by the underbelly of the financial services world, the “upside down” that accompanies all things fintech.

This new series will bring together the top news related to fraud, digital identity, and fincrime across the industry. We’ll curate the best (and worst) stories happening as we collectively try to make sense of a world where it is increasingly hard to believe what your eyes and ears are telling you.

So — please let me know what you think. What do you want to read about? What areas should we dive deeper into? And if you have any tips, please don’t hesitate to drop me a line. 

Let’s get started... 

- Nick

Big Story: 2026 is the year AI‑powered fraud goes industrial

World Economic Forum research this month warns that rapid adoption of generative AI is dramatically raising the risk of AI‑enabled cyber fraud, impersonation, and social‑engineering campaigns in 2026. Deepfakes, highly realistic phishing content, and localized, tailored scams are called out as key enablers that make attacks cheaper, more scalable, and more convincing.

This lines up with Experian’s 2026 Future of Fraud Forecast, which estimates consumer fraud losses at around $12.5 billion last year and highlights agentic AI, deepfake job candidates, AI‑cloned websites, and emotionally convincing romance bots as emerging front‑line threats.

Together, they paint 2026 as a tipping point where AI moves fraud from artisanal to industrial, and where human‑only review models cannot keep up.

The five threats Experian identifies read like a dystopian product roadmap: agentic AI enabling machine-to-machine fraud at scale, deepfake job candidates infiltrating remote workforces, smart home device exploitation, AI-powered website cloning, and romance scam bots with "high emotional IQ."

The most jaw-dropping statistic: 72% of business leaders believe that AI-enabled fraud and deepfakes will be among their top operational challenges this year, but just 37% are using GenAI to detect and protect from fraud. This is a shocking disconnect, even before we start adding agentic commerce to the mix.  

The fraud supply chain now includes:

• Deepfake-as-a-Service (DaaS) platforms selling ready-made impersonation tools
• Specialized mule network operators for moving dirty funds
• Synthetic identity factories blending real and fake data
• Scam compound operations (often using trafficked labor) running pig butchering at industrial scale

The implication for defenders is clear: point solutions aren't enough. If fraud operates as a coordinated supply chain, defense must too. That means better information sharing among FIs, telecom, and platforms; real-time behavioral analytics to catch mule activity downstream; and regulatory frameworks that assign appropriate liability across the chain.

The fraudsters have figured out specialization and scale. We need to counter appropriately. 

Quick Hit #1: Chainalysis flags record crypto scam losses

The 2026 Crypto Crime Report from Chainalysis estimates that crypto scams and fraud drained roughly $17 billion in 2025, driven by investment scams, romance/pig‑butchering schemes, and impersonation attacks.

The report emphasizes that professionalized fraud networks are routing funds through stablecoins, mixers, and luxury‑asset purchases, closely mirroring the large pig‑butchering seizures and asset‑forfeiture cases we’re now seeing from the DOJ and other agencies. For banks and fintechs, that means suspicious outbound flows to new or lightly used wallets—especially following fresh fiat funding—should be treated with the same skepticism as first‑time high‑value wires or ACHs.

Quick Hit #2: Nacha 2026 rules go from theory to “how‑to”

Following Nacha’s announcement of its 2026 risk‑management rules, a wave of how‑to guides from J.P. Morgan, Signature Bank, and Itemize are spelling out what originators and FIs actually need to do.

These pieces emphasize that risk‑based monitoring for both unauthorized and “authorized under false pretenses” entries is mandatory, and that RDFIs now have explicit obligations to monitor inbound credits for mule‑like activity and anomalous flows. The practical message: if you’re still relying on basic rules and post‑event investigations for ACH, you’re behind. The bar is moving toward real‑time behavioral analytics on both outgoing and incoming ACH, and corporates will need to upgrade their internal controls around payment‑change requests and vendor onboarding.

• Nacha rules overview
• J.P. Morgan guide
• Signature Bank explainer
• Itemize blog

Quick Hit #3: Identity fraud trends confirm deepfake pressure

A new “Top Identity Fraud Trends in 2026” piece from Fintech News Switzerland pulls together data from Veriff and other vendors, confirming that AI‑assisted identity fraud has gone from edge case to baseline.

Veriff reports that about 4% of verification attempts in 2025 were fraudulent, and that digitally presented media were 300% more likely to be AI‑generated or altered than the year before, with AI‑assisted forgeries now accounting for 2% of all detected fake documents.

The article also notes that ID cards are abused more frequently than passports and that criminals are increasingly using GenAI for both document tampering and face‑swap or deepfake video to defeat liveness checks. This dovetails directly with FinCEN’s recent deepfake alert and reinforces the need to treat identity proofing as one layer in a broader, continuous‑monitoring stack rather than a one‑and‑done gate. (FinCEN alert)

Quick Hit #4: Enforcement shifts— 2026 and beyond

Commentary from WorkFusion notes that regulators such as the UK FCA are levying large fines—like a £44 million penalty against Nationwide—for due‑diligence and customer‑risk‑assessment failures tied to AML and fraud.

For global institutions, that signals an enforcement environment where data‑driven, proactive fraud and AML controls are not just best practice but expected, and where cross‑border pig‑butchering and scam‑compound cases will increasingly be pursued via multi‑agency collaboration.

If you’re reading this from a bank, fintech, or vendor fraud team, I’d love to hear which part of your own “defense supply chain” feels most fragile right now. Hit reply with ideas, feedback, or stories you’d like covered next.